feat: Refactor Mihomo setup script to improve interface handling and add new rule logic

2026-04-12 13:05:06 +03:00
parent 71b2b4e6e5
commit 1c8d49a636
2 changed files with 69 additions and 18 deletions
--- a/config-clash/solar/solar.yaml
+++ b/config-clash/solar/solar.yaml
@@ -193,17 +193,17 @@ dns:
  # - https://d.adguard-dns.com/dns-query/5ffb7de2

 hosts:
-  'solar.shamanlanding.org':        192.168.25.8
-  
-  'battlescribe.shamanlanding.org': 192.168.25.8
-  'kavanah.shamanlanding.org':      192.168.25.8
-  'loremaster.shamanlanding.org':   192.168.25.8
-  'omnissiah.shamanlanding.org':    192.168.25.8
-  'sanctum.shamanlanding.org':      192.168.25.8
-  'tesseract.shamanlanding.org':    192.168.25.8
-  'synaxis.shamanlanding.org':      192.168.25.8
-  
-  '+.solar.shamanlanding.org':      192.168.25.8
+#  'solar.shamanlanding.org':        192.168.25.8
+#  
+#  'battlescribe.shamanlanding.org': 192.168.25.8
+#  'kavanah.shamanlanding.org':      192.168.25.8
+#  'loremaster.shamanlanding.org':   192.168.25.8
+#  'omnissiah.shamanlanding.org':    192.168.25.8
+#  'sanctum.shamanlanding.org':      192.168.25.8
+#  'tesseract.shamanlanding.org':    192.168.25.8
+#  'synaxis.shamanlanding.org':      192.168.25.8
+#  
+#  '+.solar.shamanlanding.org':      192.168.25.8

 proxy-providers:
  🐦 fallback package:
@@ -311,6 +311,7 @@ proxy-groups:
    exclude-filter: ""
    exclude-type: ""
    proxies:
+      - PASS
      - Заблокированные сайты
      - Личный список
    <<: [*health_check_groups, *use_all, *p_selector_udp]
@@ -319,7 +320,7 @@ proxy-groups:
    exclude-filter: ""
    exclude-type: ""
    proxies:
-      - Testzone A
+      - PASS
      - Заблокированные сайты
      - Личный список
    <<: [*health_check_groups, *use_all, *p_selector_udp]
@@ -352,18 +353,56 @@ rule-providers:
    path: "./rule_provider/consolidated-lists-private/adaptation-scarus-ip-proxy.yaml"
    <<: *default_rule_provider_config
  
+  🛝 Testzone A:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/testzone-a.yaml
+    path: "./rule_provider/services/consolidated-lists-private/testzone-a.yaml"
+    <<: *default_rule_provider_config
+  🛝 Testzone B:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/testzone-b.yaml
+    path: "./rule_provider/services/consolidated-lists-private/testzone-b.yaml"
+    <<: *default_rule_provider_config
+  🛜 Webway Unprivileged:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/webway-unprivileged.yaml
+    path: "./rule_provider/services/consolidated-lists-private/webway-unprivileged.yaml"
+    <<: *default_rule_provider_config
+  🛜 VLAN10:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/vlan10.yaml
+    path: "./rule_provider/services/consolidated-lists-private/vlan10.yaml"
+    <<: *default_rule_provider_config
+  🛜 VLAN40:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/vlan40.yaml
+    path: "./rule_provider/services/consolidated-lists-private/vlan40.yaml"
+    <<: *default_rule_provider_config
+
+  👥 Current Antifilter/Refilter:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-public/current-public-set.yaml
+    path: "./rule_provider/consolidated-lists-public/current-public-set.yaml"
+    <<: *default_rule_provider_config
+
  📦 RU Services Manual:
    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ru-services.yaml
    path: "./rule_provider/consolidated-services/ru-services.yaml"
    <<: *default_rule_provider_config

 rules:
-  - OR,((RULE-SET,📦 RU Services Manual),(GEOIP,RU),(GEOSITE,category-ru)),RU-зона локально
+  - SUB-RULE,(OR,((RULE-SET,📦 RU Services Manual),(GEOIP,RU),(GEOSITE,category-ru))),russian_internet
+  
+  - RULE-SET,🛝 Testzone A,Testzone A
+  - RULE-SET,🛝 Testzone B,Testzone B
  
  - RULE-SET,📃 Solar Proxy Domain List,Личный список
  - RULE-SET,📃 Solar Proxy IP List,Личный список,no-resolve
+  
  - RULE-SET,📃 Shared Proxy Domain List,Заблокированные сайты
  - RULE-SET,📃 Shared Proxy IP List,Заблокированные сайты,no-resolve
+  - RULE-SET,👥 Current Antifilter/Refilter,Заблокированные сайты
  
  - MATCH,DIRECT

+sub-rules:
+  russian_internet:
+    - DOMAIN-SUFFIX,shamanlanding.org,DIRECT
+    - SRC-IP-CIDR,100.98.0.0/16,RU-зона через webway
+    - SRC-IP-CIDR,10.10.0.0/16,RU-зона локально
+    - SRC-IP-CIDR,10.40.0.0/16,RU-зона локально
+    - MATCH,REJECT
--- a/scripts/warpgates/iptables-mihomo-setup-alpine-mark2.sh
+++ b/scripts/warpgates/iptables-mihomo-setup-alpine-mark2.sh
@@ -11,6 +11,7 @@ FW_MARK="0x1"
 ROUTE_TABLE="100"

 EXCLUDE_IFACES=("tun0")  
+INCLUDE_IFACES=("wt0" "eth1" "eth2")

 # ----------------------------
 # Helpers
@@ -86,7 +87,15 @@ ipt -t nat -A OUTPUT -m owner --uid-owner "${MIHOMO_UID}" -m comment --comment "
 ipt -t nat -A OUTPUT -p tcp -m comment --comment "MIHOMO-JUMP" -j MIHOMO_REDIR

 # Apply to PREROUTING (wt0 Ingress) - Force Redir for NetBird (skips exclusions by design)
-ipt -t nat -A PREROUTING -i wt0 -p tcp -m comment --comment "MIHOMO-REDIRECT" -j REDIRECT --to-port "${REDIR_PORT}"
+for IFACE in "${INCLUDE_IFACES[@]}"; do
+  if [ "$IFACE" = "wt0" ]; then
+    # wt0 (Netbird) пропускает исключения локальных подсетей по твоему дизайну
+    ipt -t nat -A PREROUTING -i "$IFACE" -p tcp -m comment --comment "MIHOMO-REDIRECT" -j REDIRECT --to-port "${REDIR_PORT}"
+  else
+    # LAN-трафик (eth1, eth2) должен прыгать в цепочку MIHOMO_REDIR для проверки исключений (192.168.x.x и т.д.)
+    ipt -t nat -A PREROUTING -i "$IFACE" -p tcp -m comment --comment "MIHOMO-JUMP-$IFACE" -j MIHOMO_REDIR
+  fi
+done

 # ----------------------------
 # MANGLE (TPROXY) - UDP
@@ -116,6 +125,9 @@ ipt -t mangle -A OUTPUT -p udp -m comment --comment "MIHOMO-MARK" -j MARK --set-
 for IFACE in "${EXCLUDE_IFACES[@]}"; do
  ipt -t mangle -A PREROUTING -i "${IFACE}" -m comment --comment "MIHOMO-EXCLUDE" -j RETURN
 done
-ipt -t mangle -A PREROUTING -i wt0 -m comment --comment "MIHOMO-JUMP" -j MIHOMO_TPROXY
+
+for IFACE in "${INCLUDE_IFACES[@]}"; do
+  ipt -t mangle -A PREROUTING -i "$IFACE" -m comment --comment "MIHOMO-JUMP-$IFACE" -j MIHOMO_TPROXY
+done

 echo "Done. Suboptimal hypervisor constraints bypassed successfully."